Tuesday, July 26, 2016

Recently we had a request to be able to share calendar with an external organisation that we are working on a project with. In the old days of Exchange, the only way of achieving this in a seamless way was to setup trusts or use things IIRU and IIFP.

Since Exchange 2010, Microsoft have introduced the Microsoft Federation Gateway. This allows companies to setup a trust to Microsoft which can be used to gain scheduling information with a third parties once policies have been configured on both parties Exchange environment.

This looked like a pretty straight forward task and certainly a LOT easier than setting up direct trusts or sharing keys. Unfortunately it wasn't quite that straight forward.
These were the Issues we ran into and the relevant fix.

1. Cannot create Organisational Relationship for third party. Also when running get-federationinformation Powershell cmdlet, it errors.

FIX = Enable WSsecurity for EWS and Autodiscover virtual directories. This was already set to true, but resetting this to true fixed this issue.

3. Lastly, Free/Busy information worked one way, but not the other.

Works from Lab into Enterprise

Fails from Enterprise into Lab

FIX = Enable Outlook logging, attempt the Free/Busy test and in resultant FB log file it shows a proxy 407 authentication issue. The fix is to allow unauthenticated access to the EWS path from all the CAS servers.

I found the two following blogs very useful through this process. If you are struggling and the above doesn't work for you, then go check these links out.

1 comment:

Free/busy can frequently be a pain in the neck with Exchange OnPrem to Office 365 hybrid. Reverse proxies can be an issue. WSsecurity for EWS already set to true is a real gotcha. Looks okay but you reset it and hey presto, working. Remote Connectivty Analyser is always good for troubleshooting EWS on both environments.